Using encoded slashes

Role: system programmer

By default, the API Mediation Layer accepts encoded slashes in the URL path of the request. If you are onboarding applications which expose endpoints that expect encoded slashes, it is necessary to keep the default configuration. We recommend that you change the property to false if you do not expect the applications to use the encoded slashes.

Use the following procedure to reject encoded slashes.

1. Open the file zowe.yaml.
2. Find or add the property components.gateway.apiml.service.allowEncodedSlashes and set the value to false.
3. Restart Zowe.

Requests with encoded slashes are now rejected by the API Mediation Layer.